fix: sparse-checkout not disabled on subsequent checkout

If actions/checkout is invoked once with 'sparse-checkout' and cone mode disabled, core.sparseCheckout remains enabled for all subsequent invocations of actions/checkout.
Adjust positioning of user email note and permissions heading (#2044 )
2025-04-20 08:50:16 +03:00 · 2025-04-06 10:42:53 +02:00 · 2025-01-16 15:56:18 -05:00 · 2025-01-16 14:14:48 -05:00
3 changed files with 13 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -311,8 +311,17 @@ jobs:
          git commit -m "generated"
          git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D

+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```

 # License

--- a/dist/index.js
+++ b/dist/index.js
@ -588,6 +588,8 @@ class GitCommandManager {
    disableSparseCheckout() {
        return __awaiter(this, void 0, void 0, function* () {
            yield this.execGit(['sparse-checkout', 'disable']);
+            // Ensures that a previously enabled 'sparse-checkout' (e.g. via sparseCheckoutNonConeMode) is also disabled in the config.
+            yield this.execGit(['config', 'core.sparseCheckout', 'false']);
            // Disabling 'sparse-checkout` leaves behind an undesirable side-effect in config (even in a pristine environment).
            yield this.tryConfigUnset('extensions.worktreeConfig', false);
        });
--- a/src/git-command-manager.ts
+++ b/src/git-command-manager.ts
@ -178,6 +178,8 @@ class GitCommandManager {

  async disableSparseCheckout(): Promise<void> {
    await this.execGit(['sparse-checkout', 'disable'])
+    // Ensures that a previously enabled 'sparse-checkout' (e.g. via sparseCheckoutNonConeMode) is also disabled in the config.
+    yield this.execGit(['config', 'core.sparseCheckout', 'false']);
    // Disabling 'sparse-checkout` leaves behind an undesirable side-effect in config (even in a pristine environment).
    await this.tryConfigUnset('extensions.worktreeConfig', false)
  }
Author	SHA1	Message	Date
Antoine Cotten	3b88dfdbe4	fix: sparse-checkout not disabled on subsequent checkout If actions/checkout is invoked once with 'sparse-checkout' and cone mode disabled, core.sparseCheckout remains enabled for all subsequent invocations of actions/checkout.	2025-04-06 10:42:53 +02:00
Josh Gross	85e6279cec	Adjust positioning of user email note and permissions heading (#2044 ) Some checks failed CodeQL / Analyze (push) Has been cancelled Details Licensed / Check licenses (push) Has been cancelled Details Build and Test / build (push) Has been cancelled Details Build and Test / test (macos-latest) (push) Has been cancelled Details Build and Test / test (ubuntu-latest) (push) Has been cancelled Details Build and Test / test (windows-latest) (push) Has been cancelled Details Build and Test / test-proxy (push) Has been cancelled Details Build and Test / test-bypass-proxy (push) Has been cancelled Details Build and Test / test-git-container (push) Has been cancelled Details Build and Test / test-output (push) Has been cancelled Details	2025-01-16 15:56:18 -05:00
Ben Wells	009b9ae9e4	Documentation update - add recommended permissions to Readme (#2043 ) * Update README.md * Update README.md Co-authored-by: Josh Gross <joshmgross@github.com> --------- Co-authored-by: Josh Gross <joshmgross@github.com>	2025-01-16 14:14:48 -05:00